package com.wangshouyu.mp.pay.common.utils;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

/**
 * @author 王守钰
 * @description 证书工具
 * @date 2020/8/14 9:46
 */
public class PemUtils {

  /**
   * 加载私钥
   * @param inputStream 输入流
   * @return 私钥
   */
  public static PrivateKey loadPrivateKey(InputStream inputStream) {
    try {
      ByteArrayOutputStream array = new ByteArrayOutputStream();
      byte[] buffer = new byte[1024];
      int length;
      while ((length = inputStream.read(buffer)) != -1) {
        array.write(buffer, 0, length);
      }
      return loadPrivateKey(array.toString("utf-8"));
    } catch (IOException e) {
      throw new RuntimeException("无效的密钥");
    }
  }

  /**
   * 加载私钥
   * @param key 私钥
   * @return 私钥
   */
  public static PrivateKey loadPrivateKey(String key) {
    try {
      String privateKey = key
              .replace("-----BEGIN PRIVATE KEY-----", "")
              .replace("-----END PRIVATE KEY-----", "")
              .replaceAll("\\s+", "");

      KeyFactory kf = KeyFactory.getInstance("RSA");
      return kf.generatePrivate(
              new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)));
    } catch (NoSuchAlgorithmException e) {
      throw new RuntimeException("当前Java环境不支持RSA", e);
    } catch (InvalidKeySpecException e) {
      throw new RuntimeException("无效的密钥格式");
    }
  }

  /**
   * 加载证书
   * @param inputStream 输入流
   * @return 证书
   */
  public static X509Certificate loadCertificate(InputStream inputStream) {
    try {
      CertificateFactory cf = CertificateFactory.getInstance("X509");
      X509Certificate cert = (X509Certificate) cf.generateCertificate(inputStream);
      cert.checkValidity();
      return cert;
    } catch (CertificateExpiredException e) {
      throw new RuntimeException("证书已过期", e);
    } catch (CertificateNotYetValidException e) {
      throw new RuntimeException("证书尚未生效", e);
    } catch (CertificateException e) {
      throw new RuntimeException("无效的证书", e);
    }
  }
}
